CompTIA® Linux+ Certification, Powered by LPI, Student Manual by Axzo Press
Security 1311
Topic B: Network security
This topic covers the following CompTIA exam objectives for Linux+ [Powered by
LPI] Certification, LX0-101 and LX0-102 exams.
# Objective
109.3 Basic network troubleshooting
Manually and automatically configure network interfaces and routing tables to include
adding, starting, stopping, restarting, deleting, or reconfiguring network interfaces
Change, view, or configure the routing table and correct an improperly set default route
manually
Debug problems associated with network configuration
The following is a partial list of the used files, terms, and utilities:
route
netstat
traceroute
110.1 Perform security administration tasks
Being able to use nmap and netstat to discover open ports on a system
The following is a partial list of the used files, terms, and utilities:
nmap
netstat
110.2 Set up host security
Turn off network services not in use
Understand the role of TCP wrappers
The following is a partial list of the used files, terms, and utilities:
/etc/xinetd.d/*
/etc/xinetd.conf
/etc/inetd.d/*
/etc/inittab
/etc/init.d/*
/etc/hosts.allow
/etc/hosts.deny
Routing and firewalls
Explanation
Routing is a network service that enables packets from one network to be sent to another
network. Recall that IP addresses have two parts: the network address and host address.
Without routing, packets addressed to one network cannot reach another network.
Keep in mind that IP network addresses are logical constructs. Even if two computers
share the same physical networking medium, they are unable to communicate if they are
configured on separate IP networks.
Basic routing tables
On every computer, the kernel maintains a basic routing table. The computer uses this
table to determine to which network it belongs and through which interface to direct
packets. For example, Exhibit 13-3 illustrates a basic routing table. Packets destined for
the 192.168.1 network are sent via the eth0 interface. Packets for other networks are
sent to the default gateway, WRT160N, also via eth0.
Exhibit 13-3: A basic routing table
Routing
A multihomed computer is one with two or more network cards. On such computers,
each interface is connected to a separate network. You can create a more complex
routing table that helps the computer determine where packets should be sent. Once you
have done so, the computer can listen on one interface and send packets to another
interface as they arrive.
A computer that forwards packets in this manner is called a router. Dedicated devices
for this purpose are also called routers.
To enable routing, or IP forwarding as it’s sometimes called, you must activate the
service. You do so by modifying the /proc/sys/net/ipv4/ip_forward file. If that file
contains a 1, routing is enabled; if it contains a 0, routing is disabled.
With routing enabled, your computer forwards packets between the networks for which it
has a network interface. In other words, if you have two interfaces connected to the
192.168.1 and 192.168.100 networks, your computer automatically forwards packets
between those networks.
Routing to remote networks
Your router might not be connected to every subnet on your network. Consider Exhibit
13-4. Router A is connected to the 192.168.1 and 192.168.100 networks. Router B is
connected to the 192.168.100 and 192.168.200 networks. If a computer on the
192.168.1 network attempts to send a packet to a computer on the 192.168.200 network,
that packet arrives first at Router A. But Router A doesn’t have a connection to the
192.168.200 network and thus doesn’t know where to send the packet.
Exhibit 13-4: A large network with multiple subnets
You can manually add entries to the routing table that tell Router A where to send
packets destined for “remote” networks. You do so with the route or ip commands. The
route command takes the remote network, its netmask, and the address of the next-hop
router, which must be on a network that Router A is directly connected to:
route add -net remote_net netmask netmask gw gateway
For example, using our preceding example, we might use the following command to
instruct Router A to send packets destined for the 192.168.200 network to Router B on
the 192.168.100 network. (Router B forwards the packet to its final destination.)
Router B’s address on that network is not shown in the exhibit; 192.168.100.1 is
assumed here.
route add -net 192.168.200.0 netmask 255.255.255.0 gw 192.168.100.1
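The routing-table and IP-forwarding discussion above can be made concrete by reading the two kernel files it refers to. The following script is an added example, not code from the student manual: it decodes /proc/net/route (the raw form of the table that route -n displays, stored as little-endian hex words), applies the same longest-prefix-match rule the kernel uses to pick a route, and reports the state of /proc/sys/net/ipv4/ip_forward. The sample table is constructed to match Router A in Exhibit 13-4; Router B's address 192.168.100.1 is an assumption, not a value from the manual.

```python
"""Decode the kernel routing table and the IP forwarding flag.

Added example for this section; it is not code from the student manual.
The sample below is constructed for Router A (eth0 on 192.168.1, eth1 on
192.168.100). Router B's address 192.168.100.1 is assumed.
"""
import socket
import struct

# Constructed sample of /proc/net/route. Addresses and masks are
# little-endian 32-bit hex words; flag bit 0x1 = route is up,
# flag bit 0x2 = destination is reached through a gateway.
SAMPLE_ROUTE = """\
Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT
eth0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0
eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
eth1\t0064A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
eth1\t00C8A8C0\t0164A8C0\t0003\t0\t0\t0\t00FFFFFF\t0\t0\t0
"""

RTF_UP = 0x1
RTF_GATEWAY = 0x2


def hex_to_ip(word):
    """Convert a little-endian hex word from /proc/net/route to dotted quad."""
    return socket.inet_ntoa(struct.pack("<I", int(word, 16)))


def ip_to_int(ip):
    """Dotted quad to an integer in network byte order, for mask arithmetic."""
    return struct.unpack("!I", socket.inet_aton(ip))[0]


def parse_proc_route(text):
    """Parse /proc/net/route text into a list of route dicts."""
    routes = []
    for line in text.strip().splitlines()[1:]:  # first line is the header row
        f = line.split()
        if len(f) < 8:
            continue
        flags = int(f[3], 16)
        routes.append({
            "iface": f[0],
            "dest": hex_to_ip(f[1]),
            "gateway": hex_to_ip(f[2]),
            "mask": hex_to_ip(f[7]),
            "prefix": bin(int(f[7], 16)).count("1"),  # mask length in bits
            "up": bool(flags & RTF_UP),
            "via_gateway": bool(flags & RTF_GATEWAY),
        })
    return routes


def lookup(routes, ip):
    """Pick the route the kernel would use for ip: longest prefix match.

    The /0 default route matches every address, so it only wins when no
    more specific entry matches. Returns (interface, gateway), where the
    gateway is None for a directly connected (on-link) network.
    """
    addr = ip_to_int(ip)
    best = None
    for r in routes:
        if not r["up"]:
            continue
        if (addr & ip_to_int(r["mask"])) == ip_to_int(r["dest"]):
            if best is None or r["prefix"] > best["prefix"]:
                best = r
    if best is None:
        return None
    return best["iface"], (best["gateway"] if best["via_gateway"] else None)


def ip_forward_enabled(text):
    """True if the content of /proc/sys/net/ipv4/ip_forward is 1."""
    return text.strip() == "1"


def read_file(path, fallback):
    """Read a /proc file on a Linux host; use the constructed sample elsewhere."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return fallback


if __name__ == "__main__":
    routes = parse_proc_route(read_file("/proc/net/route", SAMPLE_ROUTE))
    fwd = read_file("/proc/sys/net/ipv4/ip_forward", "0\n")
    print("IP forwarding:", "enabled" if ip_forward_enabled(fwd) else "disabled")
    print(f"{'Destination':<16}{'Gateway':<16}{'Genmask':<16}Iface")
    for r in routes:
        print(f"{r['dest']:<16}{r['gateway']:<16}{r['mask']:<16}{r['iface']}")
    for target in ("192.168.1.7", "192.168.200.5", "8.8.8.8"):
        print(target, "->", lookup(routes, target))
```

Run on a real host the script prints the live table; offline it falls back to the sample, where a packet for 192.168.200.5 is matched by the /24 entry and handed to Router B rather than to the default gateway. The sample's last entry is what the route command in the text creates; the equivalent ip form is ip route add 192.168.200.0/24 via 192.168.100.1. The forwarding check is useful in the other direction too: a workstation or server with a single role should report 0, since a host that forwards between its interfaces is acting as a router whether or not that was intended.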